Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for seven consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit . Job Summary
The Senior Security Engineer is a key member of a team of security experts providing security platform management and operations expertise to protect the First American Enterprise. The team manages network security both on-prem and in the cloud (Azure, AWS, GCP, and OCI). The Senior Security Engineer's role is to provide operational security solutions that would enable the success of IT and business initiatives. This role will interact with business customers, auditors, third-parties, vendors, as well as IT groups across the company. Responsibilities will include managing initiatives and providing technical expertise.Essential Functions
- Authenticated and authorized vulnerability scanning of a hybrid enterprise across a variety of technologies and environments to determine high risk vulnerabilities to business assets.
- Investigate, recommend, evaluate, deploy and integrate security tools and techniques to improve our ability to protect corporate assets and infrastructure.
- Participate in technical risk assessments and security exposure analyses of systems, networks and business applications.
- Keep up to date on new Cyber Security trends and threats. Advise on issues and recommend proactive measures.
- Assist in defining and implementing Information Security technologies and/or processes required into corporate frameworks.
- Interact with internal and external clients on security requirements, identify security process and develops strategies/solutions to security issues while maintaining tight security discipline
- Develop test plan and implement rigorous testing prior to rollout of new systems into the production environment.
- Regularly interacts with senior management and peers in other departments for purposes of gaining cooperation, exchanging technical information, and presenting project plans and reports.
- Required to perform duties outside of normal work hours based on business needs.
Supervision Received or Extended
- Works on a diverse range of problems of moderate scope where analysis of situations or data requires evaluation of a variety of factors and an understanding of current business and technological trends.
- Exercises judgment within defined procedures and practices to determine appropriate action.
- Initiates corrective action needed to resolve complex, critical issues.
- Provides input to and may develop operational plans and works with senior management to ensure that plans are integrated with broader strategies.
- Receives assignments in the form of objectives and determines how to use resources to meet schedules and goals.
- Provides direction to employees within the boundaries of established policies.
- Enlists expertise of peers in other departments and a wide range of additional resources to explore new methods and approaches and to solve problems.
- Work is reviewed in terms of meeting product, project, or operational objectives, quality, schedules, and budgets.
Knowledge and Skills/Technology Used
- Recommends changes to process, SLA's, department policies, procedures, metrics, and standards.
- Influences senior management on decisions related to department priorities, schedules, plans and cost controls.
- Achieves objectives for multiple and varied projects.
- Regularly makes decisions necessary to resolve critical issues related to department operations.
- Deep expertise in vulnerability scanning tools such as Qualys, Rapid 7, Tenable, or similar tools.
- Strong technical understanding of CVSS, OWASP Top 10 and Vulnerability Exploitability ratings.
- Deep understanding network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Understanding network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network.
- Experience with public cloud networking and security in a hybrid cloud environment.
- Experience with data analytics with the ability to provide qualitative analysis and recommendations.
- Ability to operate in fast-paced, diverse, sometimes vague environments; ability to handle multiple simultaneous projects and tasks while demonstrating urgency and ownership to drive quality outcomes.
- Provides others with reliable information, creates, and delivers accurate reports and presentations. Uses good listening skills. Negotiates effectively.
- Attention to details, excellent analytical thinking, and time management skills.
Typical Range of Experience
- BA/BS degree in Computer Information Systems, Computer Science, Cyber Security or equivalent experience is required. Training courses, seminars, certifications, or other security related education experience preferred.
License or Certification
- 5+years hands on experience managing vulnerability assessment solutions using tools like Qualys, Rapid 7, Tenable or similar
- 5+ years of technical experience as a senior contributor
Pay Range: $88,500 - $135,500 annually This hiring range is a good faith and reasonable estimate of the salary range of possible compensation at the time of the posting, and is subject to change. The actual compensation offered will be determined by various factors, which may include a candidate's education, training, experience, and geographic location.
- CISSP (Certified Information Systems Security Certified Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Management) preferred
First American invests in its employees' development and well-being, empowers them to provide superior customer service and encourages them to serve the communities where they live and work. First American is committed to diversity and inclusion. We are an equal opportunity employer.
Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.